Level 5 CMMC - CMMC Practices

SI.3.218  

Reference: CMMC 1.02

Family: SI

Level Introduced: 3

Practice:
Employ spam protection mechanisms at information system access entry and exit points.

CMMC Clarification:
Spam filters should be applied on email that is inbound (coming into the organization) or outbound (leaving the organization). Inbound filters can protect the organization’s users from spam originating on the internet. Outbound protection helps the organization identify the origins of potential spam on their own network. Without this, an organization risks having its email server blacklisted for sending spam emails.

Example
As the email administrator for your company, you notice a significant increase in the amount of spam entering your network year after year. You want to implement a spam filtering capability to meet these two goals:
• reduce the number of unsolicited emails reaching your users' inboxes; and
• block potentially harmful email, including phishing emails and attachments, from reaching end users.

You create a spam mailbox where users can forward spam emails that make it through the filter. You periodically review the spam mailbox emails and use them to improve the spam filter rules to better block spam in the future.

You are also concerned that, without adding outbound spam protections, your organization’s email servers could be blacklisted. Because of this, you implement outbound protections that allow you to trace potential spam email originating on your network to a specific user and machine.

Spam filtering is used to protect against unwanted, unsolicited, and often harmful emails from reaching end user mailboxes. Spam filters are applied on inbound and outbound emails. Spam filtering helps protect your network from phishing and emails containing viruses and other malicious content. Spam filtering can also be used to mark email as potential spam to caution users reading the email and clicking on links within the email. Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers.
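The following is an added example, not part of the CMMC or NIST text, showing the practice in working code: a minimal filter that scores mail with signature-style rules, quarantines or tags inbound messages at the entry point, stops spam at the exit point while recording the authenticated user and machine it came from, and feeds sender domains reported to the spam mailbox back into the blocklist. The rule set, header names (`X-Spam-Flag`, `X-Spam-Reasons`), trace log and sample messages are all constructed for illustration; a real deployment would run such logic as a content filter behind the mail server and use a maintained signature feed rather than a hand-written list.

```python
"""Added example: a minimal inbound/outbound spam-filtering gateway.

Illustrates SI.3.218 / SI-8; not part of the CMMC or NIST text. The rules,
header names, trace log and sample messages below are constructed for the
example (assumptions), not taken from any product or standard.
"""
from email import message_from_string
from email.message import EmailMessage, Message
from email.utils import parseaddr
from typing import Dict, List, Optional, Tuple

# Constructed signature-style rules (assumption for the example).
BLOCKED_SENDER_DOMAINS = {"lottery-winner.example", "cheap-meds.example"}
DANGEROUS_ATTACHMENT_EXTS = (".exe", ".scr", ".js", ".vbs", ".bat")
SPAM_PHRASES = ("you have won", "act now", "verify your account", "wire transfer")
SPAM_THRESHOLD = 3  # a score at or above this is treated as spam

# Outbound trace log: which user and machine sent a message the filter stopped.
OUTBOUND_TRACE_LOG: List[Dict[str, object]] = []


def _sender_domain(msg: Message) -> str:
    """Domain part of the From address, lower-cased ('' if absent)."""
    addr = parseaddr(msg.get("From", ""))[1].lower()
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def _text_body(msg: Message) -> str:
    """Concatenate the decoded text/plain parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", errors="replace"))
    return " ".join(chunks)


def score_message(msg: Message) -> Tuple[int, List[str]]:
    """Score a message against the rules; higher means more spam-like."""
    score, reasons = 0, []
    domain = _sender_domain(msg)
    if domain in BLOCKED_SENDER_DOMAINS:
        score += 3
        reasons.append(f"sender domain blocklisted: {domain}")
    text = (msg.get("Subject", "") + " " + _text_body(msg)).lower()
    for phrase in SPAM_PHRASES:          # each phrase counts once
        if phrase in text:
            score += 1
            reasons.append(f"spam phrase: {phrase!r}")
    for part in msg.walk():              # attachment rule (entry-point check)
        name = (part.get_filename() or "").lower()
        if name.endswith(DANGEROUS_ATTACHMENT_EXTS):
            score += 3
            reasons.append(f"dangerous attachment: {name}")
    return score, reasons


def filter_inbound(raw: str) -> Tuple[str, Message]:
    """Entry point: quarantine clear spam, tag suspicious mail, deliver the rest."""
    msg = message_from_string(raw)
    score, reasons = score_message(msg)
    if score >= SPAM_THRESHOLD:
        return "quarantine", msg
    if score > 0:
        # Mark the mail so users are cautioned before trusting links in it.
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[SUSPECTED SPAM] " + subject
        msg["X-Spam-Flag"] = "YES"
        msg["X-Spam-Reasons"] = "; ".join(reasons)
        return "tag", msg
    return "deliver", msg


def filter_outbound(raw: str, auth_user: str, client_host: str
                    ) -> Tuple[str, Optional[Dict[str, object]]]:
    """Exit point: stop spam leaving the network and record where it came from."""
    msg = message_from_string(raw)
    score, reasons = score_message(msg)
    if score < SPAM_THRESHOLD:
        return "send", None
    entry: Dict[str, object] = {"user": auth_user, "host": client_host,
                                "from": msg.get("From", ""), "score": score,
                                "reasons": reasons}
    OUTBOUND_TRACE_LOG.append(entry)     # the trace an admin later reviews
    return "block", entry


def add_blocklist_from_report(raw: str) -> str:
    """Feedback loop: after reviewing a message users forwarded to the spam
    mailbox, blocklist its sender domain so similar mail is caught next time."""
    domain = _sender_domain(message_from_string(raw))
    if domain:
        BLOCKED_SENDER_DOMAINS.add(domain)
    return domain


# Constructed sample messages (not real traffic).
INBOUND_SPAM = """From: Prize Desk <prize@lottery-winner.example>
To: user@corp.example
Subject: You have won!

Act now to claim your prize.
"""
INBOUND_SUSPICIOUS = """From: Bob <bob@unknown.example>
To: user@corp.example
Subject: Please verify your account

Hi, can you verify your account details when you get a chance?
"""
INBOUND_CLEAN = """From: Alice <alice@partner.example>
To: user@corp.example
Subject: Meeting notes

See the agenda for Thursday below.
"""
OUTBOUND_SPAM = """From: jdoe@corp.example
To: victim@partner.example
Subject: Act now

You have won. Send the wire transfer today.
"""


def constructed_attachment_mail() -> str:
    """Build a multipart sample carrying an executable attachment."""
    m = EmailMessage()
    m["From"] = "invoice@unknown-vendor.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "Invoice"
    m.set_content("Please see attached.")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return m.as_string()


if __name__ == "__main__":
    for raw in (INBOUND_SPAM, INBOUND_SUSPICIOUS, INBOUND_CLEAN, constructed_attachment_mail()):
        action, msg = filter_inbound(raw)
        print(f"inbound  {action:10} {msg['Subject']}")
    action, entry = filter_outbound(OUTBOUND_SPAM, "jdoe", "10.0.0.27")
    print(f"outbound {action:10} trace={entry}")
    print("learned domain:", add_blocklist_from_report(INBOUND_SUSPICIOUS))
```

Scoring inbound and outbound mail with the same rules is what lets the exit-point check work: a message that would be quarantined on the way in is blocked on the way out, and the trace entry ties it to the authenticated user and client host, which is the information needed to find a compromised account or machine before the organization's server ends up on a blocklist.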

Source: CMMC v1.02

SI-8

SPAM PROTECTION

Description:
The organization:
    a. Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and
    b. Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Supplemental Guidance:
Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, mobile devices, and notebook/laptop computers. Spam can be transported by different means including, for example, electronic mail, electronic mail attachments, and web accesses. Spam protection mechanisms include, for example, signature definitions. Related controls: AT-2, AT-3, SC-5, SC-7, SI-3.

Source: NIST Special Publication 800-53 Rev. 4